Saturday, June 15, 2013

Corporate Cyberattacks Come Out of the Shadows

Since the dawn of cybercrime in the late 1990s, public companies have largely operated under the notion that, while they have an essential responsibility to guard their data with appropriate security measures, they have little duty to report attacks to investors and regulators. That is all about to change.

A full-fledged cyber war is now completely out of the shadows and was put on center stage during the June 8-9 summit between President Barack Obama and Chinese President Xi Jinping. While little specific progress came out of the meeting, National Security Adviser Tom Donilon said afterwards that cybercrime is the “key to the future” of the U.S.-China relationship, making it ever more clear that each cyber-incident is now part of a high-level military and diplomatic dance.

This escalating, and highly publicized, battle over cybercrime is going to force U.S. businesses to be more forthcoming about attacks, exposing them to significant new legal and regulatory threats.

While it might seem obvious that companies would consider nearly any significant cyber-attack a material event to require proper disclosure, the reality is that the legal and regulatory implications of attacks are extremely murky. In fact, organizations are faced with intensely conflicting interests. A company trying to decide what and how much to disclose, and whom to disclose it to, faces a decision much like the one facing the kid who gets his lunch money stolen from the bully: Is there more risk in telling the authorities or in remaining silent?More here: http://www.law.com/corporatecounsel/PubArticleCC.jsp?id=1202604319421&Corporate_Cyberattacks_Come_Out_of_the_Shadows&slreturn=20130515090441

Prior to starting ComSec LLC in 2007, Mr. LeaSure was active within the counterespionage, counterterrorism and TSCM fields for 26 years. He has attained the prestigious CCISM, Certified Counterespionage Information Security Management Certification. He also has extensive training, knowledge and experience in the identification of eavesdropping devices, espionage detection methods and the intelligence collection tactics most often employed by perpetrators of electronic espionage.

J.D. LeaSure is also the Director of the Espionage Research Institute International (ERII). As Director, he is tasked with ensuring the organization is successful in its mission to provide continuing education, facilitate professional relationship building and ensure the counterespionage & counterintelligence skill sets of its membership remains current as espionage tactics and devices evolve.